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AMENDMENTS TO THE CLAIMS 

1. (Currently amended) A method for isolating access by application programs to native 
resources provided by an operating system, the method comprising the steps of: 

(a) redirecting, to an isolation environment comprising a user isolation scope and an 
application isolation scope, a request for a native resource provided by an 
operating system, the request made by a process executing on behalf of a first 
user; 

(b) locating an instance of the requested native resource in the user isolation scope 
on behalf of a first user; and 

(c) responding to the request for the native resource using the instance of the 
requested native resource located in the user isolation scope. 

2. (Previously presented) The method of claim 1 wherein step (b) comprises failing to 
locate an instance of the requested native resource in the user isolation scope. 

3. (Original) The method of claim 2 wherein step (c) comprises redirecting the request to 
the application isolation scope. 

4. (Previously presented) The method of claim 3 further comprising the steps of: 

(d) locating an instance of the requested native resource in the application 
isolation scope; and 

(e) responding to the request for the native resource using the instance of the 
requested native resource located in the application isolation scope. 

5. (Previously presented) The method of claim 4 wherein step (e) comprises creating an 
instance of the requested native resource in the user isolation scope that corresponds to 
the instance of the requested native resource located in the application isolation scope 
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and responding to the request for the native resource using the instance of the requested 
native resource created in the user isolation scope. 

6. (Original) The method of claim 4 wherein step (d) comprises failing to locate an instance 
of the requested native resource in the application isolation scope. 

7. (Previously presented) The method of claim 6 wherein step (e) comprises responding to 
the request for the native resource using a system-scoped native resource. 

8. (Previously presented) The method of claim 6 wherein step (e) comprises: 

creating an instance of the requested native resource in the user isolation 
scope that corresponds to the instance of the requested resource located in a 
system scope and responding to the request for the native resource using the 
instance of the resource created in the user isolation scope. 

9. (Original) The method of claim 1 further comprising the step of hooking a request for a 
native resource made by a process executing on behalf of a first user. 

10. (Original) The method of claim 1 further comprising the step of intercepting a request for 
a native resource executing on behalf of a first user. 

11. (Original) The method of claim 1 further comprising the step of intercepting by a file 
system filter driver a request for a file system native resource executing on behalf of a 
first user. 

12. (Original) The method of claim 1 wherein step (a) comprises redirecting to an isolation 
environment comprising a user isolation scope and an application isolation scope a 
request for a file made by a process executing on behalf of a first user. 

13. (Original) The method of claim 1 wherein step (a) comprises redirecting to an isolation 
environment comprising a user isolation scope and an application isolation scope a 
request for a registry database entry made by a process executing on behalf of a first user. 
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14. (Previously presented) The method of claim 1 further comprising the steps of: 

(d) redirecting to the isolation environment a request for the native resource made by 
a second process executing on behalf of a second user; 

(e) locating an instance of the requested native resource in a second user isolation 
scope; and 

(f) responding to the request for the native resource using the instance of the native 
resource located in the second user isolation scope. 

15. (Original) The method of claim 14 wherein the process executes concurrently on behalf 
of a first user and a second user. 

16. (Previously presented) The method of claim 14 wherein step (e) comprises failing to 
locate an instance of the requested native resource in the second user isolation scope. 

17. (Original) The method of claim 16 wherein step (f) comprises redirecting the request to 
the application isolation scope. 

18. (Previously presented) The method of claim 17 further comprising the steps of: 

(d) locating an instance of the requested native resource in the application isolation 
scope; and 

(e) responding to the request for the native resource using the instance of the native 
resource located in the application isolation scope. 

19. (Previously presented) The method of claim 1 further comprising the steps of: 

(d) redirecting to the isolation environment a request for a native resource made by a 
second process executing on behalf of a first user; 
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(e) locating an instance of the requested native resource in the user isolation scope; 
and 

(f) responding to the request for the native resource using the instance of the 
resource located in the user isolation scope. 

20. (Previously presented) The method of claim 19 wherein step (e) comprises failing to 
locate an instance of the requested native resource in the user isolation scope. 

21. (Original) The method of claim 20 wherein step (f) comprises redirecting the request to a 
second application isolation scope. 

22. (Previously presented) The method of claim 21 further comprising the steps of: 

(d) locating an instance of the requested native resource in the second application 
isolation scope; and 

(e) responding to the request for the native resource using the instance of the native 
resource located in the second application isolation scope. 

23. (Currently amended) An isolation environment for isolating access by application 
programs to native resources provided by an operating system, the isolation environment 
comprising: 

a user isolation scope storing an instance of a native resource provided by 
an operating system , the user isolation scope corresponding to a user; and 

a redirector intercepting a request for the native resource made by a 
process executing on behalf of the user and redirecting the request to the user 
isolation scope. 

24. (Original) The apparatus of claim 23 wherein the isolation environment further 
comprises an application isolation scope storing an instance of the native resource. 



4296705vl 



5 



Serial No.: 10/711,737 



Attorney Ref. No.: 2006579-0141 
Client Ref. No.: CTX-105 



25. (Original) The apparatus of claim 24 wherein the isolation environment further 
comprises a second application isolation scope storing an instance of the native resource. 

26. (Previously presented) The apparatus of claim 23 wherein the redirector returns a handle 
to the requesting process that identifies the native resource. 

27. (Original) The apparatus of claim 23 further comprising a rules engine specifying 
behavior for the redirector when redirecting the request. 

28. (Original) The apparatus of claim 23 wherein the redirector comprises a file system filter 
driver. 

29. (Original) The apparatus of claim 23 wherein the redirector comprises a function 
hooking mechanism. 

30. (Previously presented) The apparatus of claim 29 wherein the function hooking 
mechanism intercepts an operation selected from a group of file system operations, 
registry operations, operating system services, packing and installation services, named 
object operations, window operations, file-type association operations and Component 
Object Model (COM) server operations. 

3 1 . (Original) The apparatus of claim 23 wherein the application isolation environment 
further comprises a second user isolation scope storing a second instance of the native 
resource. 

32. (Original) The apparatus of claim 23 wherein the application isolation environment 
further comprises a second user isolation scope storing an instance of the native resource, 
the second user isolation scope corresponding to a second user. 
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